Domain Theft Story

Mar 20, 2009 · Updated: Nov 09, 2017 · by Tim Kamanin

This story happened to me last Sunday. That perfect morning, I logged in my
email and found a message from GoDaddy telling that all my domains have been
transfered. "Ooops", I thought. I quickly logged in my GoDaddy account and
.... yes, all my domain names were gone... 10 domains simply disappeared. It
was a very bad feeling to realize that everything you have been working on for
2 years more is gone.... terrible feeling, not worst, but terrible for sure.

OK, I looked at whois and saw that my domains still stayed on GoDaddy but were
transferred to an account of some Turkish man. DNS settings stayed the same,
so I had an access to all my sites. This showed me some signs of hope. I
immediatelly contacted undo@godaddy.com and reported them about this robbery.
The I called support team and they couldn't do anything but suggest me to
contact their Undo Department by mail (undo@godaddy.com). Their department
works from Mon to Fri, so it is unavailable on Sundays. "Nice move, you freaky
bastard", I thought about this Turkish.

I did what I could. I had to wait for monday and hope, that scammer won't
transfer my domain out of GoDaddy system or even change my DNS settings. This
was hard day, so I took my girl and we went to seaside. You know, sea air
helps to fight stress and makes you to think more wider and more wiser.

Monday has landed. I checked my inbox and got message from GoDaddy. They told
me thay they will investigate this matter and I have 10 days to provide my
Photo ID and fill in UNDO form to get my domains back. Meanwhile, they blocked
my domains, so noone could transfer them out or change settings. This gave me
a portion of patience. I filled out all docs and sent it out to GoDaddy.

Tuesday. I got message from GoDaddy. They unlocked half of domains where I was
listed as registrant and asked me to provide Photo IDs for registrants of my
remaining domains. Thank God, they were not fake persons, so I could quickly
obtain photo ids and send em out to GoDaddy.

Wednesday. All my domains are back. Hooray! Pretty tough times and good lesson
for me... and I hope for you.

Do you want to know how scammers got an access to my GoDaddy account?
Phishing...Yes, you may laugh, and I can do so. I always thiugh that I'm
clever enough to not to become a victim of phishing, but I was wrong. I
remembered, that on Saturday I got a message from Godaddy, where they were
asking me to update my vital data otherwise my account will be blocked. It was
a pretty standard message. I thought about phishing first, but looked at the
link and found nothing strange (I had to do it more carefully). The link
looked like: login.godaddy.com
/askdjalksdhkjahsd?aklsjdfgbvnnsl At first sight, nothing wrong, but if you'll
look carefully you'll nothice that this is 5th level domain... This is how I
stupidly gave out my access details. I blame myself for doing this but we all
are human.

Bad practice, but good experience, here is my domain security tips I

1. Use domain private registration when it is possible. No one will know
actual owner info. No one will know your email address to send a phishing

2. Always provide true registrant data. You'll have chances to get your
domains back only if a real person owns a domain.

3. Use one unique e-mail address per domain to list it in registrant info.
You can set up a forwarding from these emails to your main inbox. More emails,
less chances to be scammed.

4. Don't put all eggs in one basket. Use different registars. Have few
domains per account. You can register more than one account for GoDaddy.

5. Keep you main email address secure. Change your password every week.

6. Never use same password for registar account, email, your web site admin

7. Remember, you have only 15 days to undo domain transfer if you're on
GoDaddy (really dunno, maybe this is Icann's rule and is applied to all
registars). So contact undo@godaddy.com immediatelly!

I hope this story and my tips will help you to keep your web property in safe.
Nothing can be 100% safe in this world, but 70% of safety is more that 20%. So
it is up to you. Good luck and thanks for reading this.

Hey, if you've found this useful, please share the post to help other folks find it:

There's even more:

Subscribe for updates

  • via Twitter: @timonweb
  • old school RSS:
  • or evergreen email ↓ ↓ ↓